14 DAY TRIAL // Again we are presented with a situation that shows how even companies that should keep us protected are vulnerable to the attacks launched by cybercriminals. This time, NOD32’s website in Ukraine and Kaspersky’s Costa Rican site were defaced.
Kaspersky was hacked by Algerian hackers Over-X, indoushka and Saousha and according to Cyberwarnews, this is not the first time they fail to properly secure their site. The attackers don’t state their reasons for taking down the page, but it’s most likely one of the situations where they want to show how weak its security is.
At the time of writing, Kaspersky’s website (kaspersky.co.cr) is still down, proudly displaying the image placed by the hackers.
On the other hand, NOD32 in Ukraine (nod32.in.ua) acted quickly on restoring their services after being attacked by hackers known as KhantastiC haX0r and Shadow008.
“HellO NoD32. Where is Security ?! Are U Hacked ? Yesh ! U have been Hacked Once Again :D !!! Everyday Someone Get Hacked Today is your Day. Impossible only means it has not been done...” state the hackers on the defaced page.
The ones responsible for taking down the NOD32 site kept themselves busy over the past few days, making a lot of victims, mostly from India and Bangladesh.
The Zone-H mirrors of their hacks reveal that most of the sites were hosted on government domains, which seem to be the favorite targets of this duo.
A few months back we saw Panda’s website in Pakistan being injected with some arbitrary code, and two days ago we saw how Team Elite proved an attack on the Polish website of ArcaBit, the developers of ArcaVit antivirus.
You can probably imagine that for hackers it’s a great accomplishment to breach the websites of those who are actually in the security business and unfortunately, in some cases it takes more than one cybercriminal operation to get them to patch up all the holes.
Update. Kaspersky representatives contacted me to clarify the situation regarding the alleged hacking of their Costa Rican website.
As it turns out, the compromised domain is not owned by Kaspersky or any of their partners, instead it’s the property of a cybersquatter, a cybercriminal that relies on misspelled website addresses to promote his own malicious software.
“The compromised website in question, kaspersky.co.cr, is owned by cybersquatters and has no affiliation with Kaspersky Lab’s domain, which is kaspersky.cr, or any of our partners’ domains. The fraudulent website does not redirect any traffic to Kaspersky Lab’s websites or any of our partners’ sites,” reads the statement from Kaspersky.
Internet users are advised to type in the URL of a website themselves and double check the spelling before surfing its pages.